I notice no mention of a bug bounty. Did they not get paid for this?

All I could find of a Dusk bug bounty was this blog post from 2023[0]:

> Although we do not currently have a bug bounty program, we will certainly create an extensive one in the near future, when we are ready to transition toward the auditing, testing, and security assessment phases of our roadmap.

And the roadmap links to a URL that now 404s.

I would be extremely reticent to use a blockchain with no bug bounty, as it means that it's easy for a malicious actor to monetize a vulnerability, but there's no incentive for an honest researcher to report it or even look for one.

[0] https://dusk.network/news/infrastructure-vulnerability-fixed